System and method for providing conditional access in a satellite television system

ABSTRACT

A network device may pair with a particular satellite dish by storing a security key uniquely associated with the particular satellite dish. The network device may then receive encrypted data from the particular satellite dish, and decrypt the received encrypted data utilizing the security key. One or more circuits of the network device may be operable to prevent the network device from decrypting data from any satellite dish other than the particular satellite dish. The network device may be operable such that the security key is the only key that the network device can utilize for decrypting signals received via a particular interface and/or from a particular address. One or more circuits collocated with a satellite dish may be operable to encrypt data utilizing a security key stored in the one or more circuits. The security key may be unique to the one or more circuits and/or satellite dish.

INCORPORATION BY REFERENCE

This patent application makes reference to:

U.S. Patent Application Provisional Ser. No. 61/487,979 entitled “Efficient Architecture for Broadband Receivers” filed on May 19, 2011;

U.S. patent application Ser. No. 13/326,125 entitled “System and Method in a Broadband Receiver for Efficiently Receiving and Processing Signals” filed on Dec. 14, 2011; and

U.S. patent application Ser. No. 13/301,400 entitled “Method and System for Providing Satellite Television Service to a Premises” filed on Nov. 21, 2011.

Each of the above applications is hereby incorporated herein by reference in its entirety.

FIELD OF THE INVENTION

Certain embodiments of the invention relate to satellite television. More specifically, certain embodiments of the invention relate to a system and method for conditional access in an in-home network based on multi-network communication.

BACKGROUND OF THE INVENTION

Existing systems for conditional access are overly expensive and often ineffective. Further limitations and disadvantages of conventional and traditional approaches will become apparent to one of skill in the art, through comparison of such systems with some aspects of the present invention as set forth in the remainder of the present application with reference to the drawings.

BRIEF SUMMARY OF THE INVENTION

A system and/or method for providing conditional access in a satellite television system, substantially as illustrated by and/or described in connection with at least one of the figures, as set forth more completely in the claims.

These and other advantages, aspects and novel features of the present invention, as well as details of an illustrated embodiment thereof, will be more fully understood from the following description and drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 depicts an exemplary satellite television system.

FIG. 2 depicts an exemplary Internet Protocol low-noise block-downconverter (IP-LNB).

FIG. 3 depicts an exemplary network gateway for use with a satellite dish comprising an IP-LNB.

FIG. 4 illustrates removal and application of content protection by an IP-LNB.

FIG. 5 is a flowchart comprising exemplary steps for pairing of a satellite dish and a client device.

FIG. 6 is a diagram illustrating out-of-band exchange of security keys in a satellite television system in which a satellite dish is paired with a gateway.

DETAILED DESCRIPTION OF THE INVENTION

As utilized herein the terms “circuit” and “circuitry” refer to physical electronic components (i.e. hardware) and any software and/or firmware (“code”) which may configure the hardware, be executed by the hardware, and/or otherwise be associated with the hardware. As utilized herein, “and/or” means any one or more of the items in the list joined by “and/or”. As an example, “x and/or y” means any element of the three-element set {(x), (y), (x, y)}. As another example, “x, y, and/or z” means any element of the seven-element set {(x), (y), (z), (x, y), (x, z), (y, z), (x, y, z)}. As utilized herein, the terms “block” and “module” refer to functions that can be implemented in hardware, software, firmware, or any combination of one or more thereof. As utilized herein, the term “exemplary” means serving as a non-limiting example, instance, or illustration. As utilized herein, the terms “e.g.” or “for example” introduce a list of one or more non-limiting examples, instances, or illustrations.

FIG. 1 depicts an exemplary satellite television system. As shown in FIG. 1, the system 100 comprises an exemplary in-home network 100, a satellite dish 106 comprising a module 122, a wide area network (WAN) 112 comprising one or more servers 124, a network link 108 connecting the dish 106 and the in-home (or in-premises) network 100, and a link 110 connecting the in-home network 100 and the WAN 112. The exemplary in-home network 100 comprises a gateway 102, television 114, and a local area network (LAN) 104.

The satellite dish 106 may comprise circuitry operable to receive satellite signals and output the received signals to the gateway 102 via the communication link 108. The satellite dish 106 may, for example, comprise the Internet Protocol (IP) low noise block-downconverter (LNB) 122 described below with respect to FIG. 2.

Each of the communication links 108 and 110 may comprise one or more wired, wireless, and/or optical links. The communication link 108 may comprise, for example, a coaxial cable and/or a 60 GHz wireless link which carries physical layer symbols in accordance with, for example, Multimedia over Coax Alliance (MoCA) or Ethernet standards. The communication link 110 may comprise, for example, a coaxial cable or Cat-5e cable which carries physical layer symbols in accordance with, for example, DSL or Ethernet standards.

The gateway 102 may comprise circuitry operable to receive satellite signals, process the received signals to recover data, and output the data to an end-user device such as the television 114. The gateway 102 may also comprise circuitry operable to transmit and/or receive data over the communication links 110 and 128. Communications over the link 128 may be in accordance with, for example, Multimedia over Coax Alliance (MoCA) and/or Ethernet standards. Details of an exemplary gateway 102 are described below with respect to FIG. 3. The gateway 102 may, for example, be a stand-alone unit or may be integrated with a television set top box (STB) or other device of the network 100.

The television 114 may comprise circuitry operable to receive media and control data via one or more point-to-point media links (e.g., HDMI), process the received data to recover audio and/or video, and present the audio and/or video to a viewer.

The WAN 112 may comprise, for example, a DSL (or cable) headend and associated circuitry and/or devices. Such devices may include one or more servers 124 which are operable to communicate with the gateway 102 to communicate general IP traffic and/or to communicate control information pertaining to satellite television communications. For example, the server 124 may establish a secure connection to the gateway 102 to exchange security keys for decrypting and/or descrambling signals received via the dish 106. The communication link between a satellite television content provider and the network 100 via the satellite dish 106 and communication link 108 may, for example, be completely or partially independent of the WAN and communication link 110.

The LAN 104 may comprise any number and/or type of networking devices. Exemplary devices shown include a computer 116, network attached storage 120, and a wireless access point (WAP) 118. The devices of the LAN 104 may communicate utilizing, for example, MoCA and/or Ethernet protocols.

In operation, the dish 106 may receive satellite signals, the signals may be processed by the IPLNB 122, and the processed signals may be transmitted onto the link 108. The processing of the signals by the IPLNB 122 may include encryption utilizing one or more security keys that are unique to the dish 106 and/or unique to the IPLNB 122. As utilized herein, “unique” means literally unique (i.e., one of a kind), or unique to the point where the probability of another dish or IPLNB having the same security keys is below a desired threshold. The threshold may be chosen by, for example, the manufacturer of the IPLNB 122 and/or the satellite service provider employing the IPLNB 122. Higher probability of keys being unique may be achieved by, for example, utilizing longer keys.

The gateway 102 may receive the signals on the link 108, process the signals, and output media and/or other data to the television 114 and/or the LAN 104. The processing of the signals by the gateway 102 may include decryption utilizing a security key that is unique to the dish 106 and/or unique to the IPLNB 122. The security key may have been programmed into the gateway 102 during a pairing of the gateway 102 to the dish 106 and/or IPLNB 122. Such a pairing may, for example, be performed by a technician during installation of the dish 106, the IPLNB 122, and the gateway 102. For example, the technician may configure the IPLNB 122 and/or the gateway 102 into a “service mode.” A service mode may be, for example, a mode which is accessible only by persons having necessary security credentials (e.g., a password, and/or a dongle or other specialized hardware). While the IPLNB 122 and/or the gateway 102 is in a service mode, a technician may be able to read and/or write security keys to and/or from memory in the IPLNB 122 and/or gateway 102.

In an exemplary embodiment, once the security keys are programmed into the IPLNB 122 and the gateway 102, the gateway may be able to only decrypt signals from the particular IPLNB 122 and not able to decrypt signals from another IPLNB (not shown). In this manner, if the gateway 102 is moved to a different location and connected to a different IPLNB, the gateway 102 may be unable to process signals from the different IPLNB (e.g., the gateway 102 may be unable to decrypt encrypted content from the different IPLNB).

FIG. 2 depicts exemplary circuitry collocated with a satellite dish. The transceiver circuit 122, referred to herein as IP-LNB 122, comprises a low-noise block-downconverter 210 and a broadband multichannel receiver (BMR) 215. The LNB 210 and BMR 215 may, for example, be integrated on a common substrate (e.g., a single silicon die).

The LNB 210 receives RF satellite signals, and filters and amplifies such signals to generate corresponding IF signals, which are then provided to downstream entities. The LNB 210 is illustrated outputting M (an integer number) of IF signals, labeled s₁ to s_(M). Each of such IF signals may, for example, comprise IF signals in the 950 MHz to 2150 MHz range, each of which may correspond to a respective satellite signal (e.g., a satellite television signal).

The BMR 215 may, for example, be operable to process the plurality of IF signals s₁-s_(M) received from the LNB 210 and output a digital signal (e.g., one or more digital Internet Protocol (IP) signals) that communicates desired channels. For example, a non-limiting exemplary implementation of the BMR 215 is illustrated in FIG. 2, and comprises a variety of modules, for example a Full-Band Capture Receiver bank 240, Digital Channelizer 250, N×Demodulator bank 260, IP Bridge 270, Communication Interface Module 280 (e.g., an IP communication interface module comprising a MAC and PHY layer for IP networking), and a conditional access module 262.

For example, the BMR 215 may comprise a Full-Band Capture Receiver bank 240 (e.g., comprising M full-band capture receivers, FBCR₁-FBCR_(M)). Each of such full-band capture receivers may, for example, digitize the entire IF signal contained on a respective input IF signal from the LNB 210. In an exemplary satellite implementation, each of such full-band capture receivers may, for example, digitize the entire 950 MHz to 2150 MHz range of satellite-related content (e.g., media content) on the respective input signal. For example, FBCR₁ may receive analog IF signal s₁ from the LNB 210 and digitize the entire IF content of the input signal s₁ to generate output signal d₁. In such a manner, the full-band capture receiver bank 240 may receive M analog IF signals s₁-s_(M) from the LNB 210 and output corresponding digital signals d₁-d_(M).

Note that although the full-band capture receiver bank 240 is shown and discussed as receiving the M analog IF signals s₁-s_(M) from the LNB 210, such signals may be received from a plurality of different sources (e.g., from one or more satellite television sources, from one or more cable television sources, from one or more terrestrial broadcast television sources, etc.). Such full-band capture receiver(s) may, for example, operate to capture the complete, or substantially complete, spectral band for a particular communication protocol, standard or not (e.g., for a satellite television communication protocol). Also, such full-band capture receiver(s) may, for example, operate to capture the complete, or substantially complete, respective spectral bands for a plurality of respective communication protocols or standards (e.g., for a satellite television communication protocol and/or a cable television communication protocol and/or a terrestrial television communication protocol, etc.).

Note that, depending on the IF bandwidth utilization and/or depending on desired channels, one or more of the plurality of FBCRs of the FBCR bank 240 may be powered down. For example, if a particular FBCR corresponds to a satellite signal that is not presently providing a desired channel, such particular FBCR may be powered down (e.g., until a need for a channel corresponding to the particular FBCR arises). Alternatively, a non-utilized FBCR may also be re-tasked to process another signal (e.g., a signal corresponding to another orbital slot, a signal corresponding to a different signal source, for example, a different satellite and/or terrestrial broadcast source, etc.).

The BMR 215 may also comprise a digital channelizer (DCC) 250. The DCC 250 may, for example, operate to receive the digitized signals d₁-d_(M) output from the FBCR bank 240. The DCC 250 may then, for example, process such received digitized signals d₁-d_(M) (e.g., decimating and filtering such signals) to select desired channels from the set of channels available in the digitized signals d₁-d_(M). As such, the DCC 250 may, for example, serve as a crossbar for selecting an arbitrary set of desired channels from among the channels available from one or more broadband sources.

The DCC 250 may perform such processing in any of a variety of manners. For example and without limitation, the DCC 250 may utilize a polyphase filter or a block that calculates a running FFT of the received digitized signals d₁-d_(M) and selects a decimated output from each FFT for further processing. The DCC 250 may, for example, perform switching and routing operations after performing the above-mentioned FFT/filtering operations, which may, for example, beneficially reduce the speed at which the switching and routing operations need be performed.

The further processed output may then, for example, be output on one or more signals c₁ (e.g., output on M output lines, each of which corresponding to one of the M input signals; multiplexed onto a single output line; multiplexed onto more than one and less than M output lines, etc.).

The DCC 250 may, for example, receive channel-selection information from upstream (e.g., via a path from the satellite) and/or from downstream (e.g., from an in-home device), such channel-selection information being indicative of such desired and available channels.

The BMR 215 may additionally comprise an N×Demodulator bank (NDB) 260. Such NDB 260 may, for example, operate to receive the output signal(s) c₁ from the DCC 250 and recover the digital information modulated on such received signal(s). The one or more signals c₂ output by the NDB 260 (which may comprise one or more digital signals output on one or more output lines) may, for example, comprise one or more transport streams, including for example, media transport streams like MPEG, general data transport streams, etc.

In an exemplary embodiment of the invention, the signal(s) c₂ may comprise one or more scrambled and/or encrypted transport streams. Accordingly, the conditional access module (CA) 262 may be operable to descramble and/or decrypt the signal(s) c₂. The CA 262 may, however, only descramble and/or decrypt content that is permitted by a service-level agreement between the satellite provider and the owner of the dish 106. Content to which the dish 106 is permitted access (e.g., free content and/or content that the owner of the dish 106 has paid for) may be descrambled and/or decrypted before being output as signal(s) c₃. Content to which the dish 106 is not permitted access (e.g., subscription-based content that the owner of the dish 106 has not paid for) may be output as signal(s) c₃ in the scrambled and/or encrypted form in which it was received.

The BMR 215 may further comprise a digital rights management (DRM) module 264 which may be operable to generate the signal(s) c₄ by applying content protection to the signal(s) c₃. The DRM module 264 may, for example, scramble and/or encrypt the signal(s) c₃ utilizing one or more keys. The one or more keys may be unique to the IPLNB 122. The key(s) may be one-time programmable and/or may be occasionally and/or periodically updated.

The DRM module 264 may, for example, apply content protection in accordance with the DTCP-IP standard. The CA 262 and the DRM 264 may be tightly integrated (e.g., integrated in a single IC, performed by a same processor, etc.) to provide physical protection for the signal(s) c₃.

The BMR 215 may further comprise an IP Bridge (BIP) 270 (or other protocol bridge(s)). Such BIP 270 may, for example, operate to receive the output signal(s) c₄ from the DRM module 264 (e.g., including transport streams and/or other information) and encapsulate such digital information in IP packets. Such encapsulation may, for example, comprise forming the input digital information into IP packets for downstream communication.

The BIP 270 may also, for example, operate to filter the digital information received from the DRM module 264. Such filtering may, for example, comprise various types of data filtering. For example, the BIP 270 may operate to perform packet identification (PID) filtering to select only desired and available (i.e., content permitted by the CA 262) portions of the input data for encapsulation. Such filtering may, for example, beneficially reduce the amount of IP-encapsulated data that is sent downstream from the IP-LNB 122 to the customer premises (e.g., only desired packets are communicated on the in-home IP network). Such filtering may also enable conditional access and/or digital rights management by restricting which portions of the signal(s) c₄ (i.e., which content) can be sent to which network address(es). Such filtering may, for example, be controlled by the operator (e.g., via the conditional access module 262 and control signal(s) received via a satellite channel) and/or by the user (e.g., via control signal(s) received from in-home user apparatus).
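The PID filtering described above, as an added sketch that is not part of the patent: it parses the standard 4-byte MPEG transport packet header and forwards a packet to a network address only when its PID is both permitted by conditional access and requested by that address. The function names, the addresses and the sample packets are constructed for illustration.

```python
TS_PACKET_SIZE = 188   # fixed MPEG-TS packet length in bytes
SYNC_BYTE = 0x47       # first byte of every transport packet
NULL_PID = 0x1FFF      # stuffing packets, never worth forwarding


def parse_ts_header(pkt: bytes) -> dict:
    """Decode the 4-byte transport packet header."""
    if len(pkt) != TS_PACKET_SIZE or pkt[0] != SYNC_BYTE:
        raise ValueError("not an MPEG-TS packet")
    return {
        "tei": bool(pkt[1] & 0x80),               # transport error indicator
        "pusi": bool(pkt[1] & 0x40),              # payload unit start indicator
        "pid": ((pkt[1] & 0x1F) << 8) | pkt[2],   # 13-bit packet identifier
        "scrambling": (pkt[3] >> 6) & 0x03,       # 0 = clear, non-zero = scrambled
        "continuity": pkt[3] & 0x0F,
    }


def iter_packets(stream: bytes):
    """Yield 188-byte packets, sliding forward one byte at a time when sync is lost.

    A production demultiplexer would confirm sync on several consecutive
    packets; a single 0x47 is accepted here to keep the sketch short.
    """
    i = 0
    while i + TS_PACKET_SIZE <= len(stream):
        if stream[i] != SYNC_BYTE:
            i += 1
            continue
        yield stream[i:i + TS_PACKET_SIZE]
        i += TS_PACKET_SIZE


def bridge_filter(stream: bytes, ca_permitted: set, requests: dict):
    """Route packets per destination address.

    ca_permitted: PIDs the conditional access module allows for this dish.
    requests:     {network address: set of PIDs that address asked for}.
    Returns ({address: [packets]}, number of packets not forwarded anywhere).
    """
    routed = {addr: [] for addr in requests}
    dropped = 0
    for pkt in iter_packets(stream):
        hdr = parse_ts_header(pkt)
        targets = []
        if not hdr["tei"] and hdr["pid"] != NULL_PID and hdr["pid"] in ca_permitted:
            targets = [a for a, wanted in requests.items() if hdr["pid"] in wanted]
        if not targets:
            dropped += 1
        for addr in targets:
            routed[addr].append(pkt)
    return routed, dropped


def make_packet(pid: int, scrambling: int = 0, cc: int = 0) -> bytes:
    """Build a constructed payload-only packet for the demo."""
    header = bytes([SYNC_BYTE, (pid >> 8) & 0x1F, pid & 0xFF,
                    ((scrambling & 0x03) << 6) | 0x10 | (cc & 0x0F)])
    return header + b"\xAA" * (TS_PACKET_SIZE - 4)


def demo():
    # Constructed stream: two junk bytes, then four packets.
    stream = b"\x00\x00" + b"".join([
        make_packet(0x100),                 # permitted and requested
        make_packet(0x101, scrambling=2),   # requested but not permitted, still scrambled
        make_packet(0x200),                 # permitted, requested by the second address
        make_packet(NULL_PID),              # stuffing
    ])
    ca_permitted = {0x100, 0x200}
    requests = {"192.0.2.10": {0x100, 0x101}, "192.0.2.11": {0x200}}
    return bridge_filter(stream, ca_permitted, requests)


if __name__ == "__main__":
    routed, dropped = demo()
    for addr, pkts in routed.items():
        print(addr, [hex(parse_ts_header(p)["pid"]) for p in pkts])
    print("not forwarded:", dropped)
```

The request for PID 0x101 is ignored because conditional access does not permit it, so the still-scrambled packet never reaches the in-home network.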

The BIP 270 may then output the IP-encapsulated data as one or more output signals c₅. The BMR 215 may also comprise a communication interface module 280 operable to interface with an IP network. The BMR 215 may, for example, operate to perform network layer operation, transport layer operation, MAC layer operations, and/or PHY layer operations compatible with one or more network standards (e.g., MoCA and/or Ethernet). In such example, the communication interface module 280 may operate to interface with the IP network by transmitting and/or receiving signals s_(IP) compatible with the IP network.

FIG. 3 depicts an exemplary network gateway for use with a satellite television system. The exemplary gateway 102 comprises a host subsystem 304, a data bus 312, a wide area network (WAN) interface module 314, a dish interface module 316, a LAN interface module 318, a digital rights management (DRM) module 322, an MPEG processing module 324, video encoding module 328, and an audio digital-to-analog conversion (DAC) module 330.

The host subsystem 304 may comprise a CPU 306 and a memory 308 that may be operable to implement processes and/or applications 310 for controlling the overall function of the gateway 102. The processes and/or applications 310 may, for example, comprise an operating system and a graphical user interface. The memory 308 may comprise, for example, one-time programmable (OTP) memory, flash memory, and/or electronically erasable programmable read only memory (EEPROM) in which one or more security keys may be stored. In an exemplary embodiment, one or more security keys may be read from and/or written to the memory 308 only while the gateway 102 is configured into a service mode.

The WAN interface module 314 may operate as an interface between the data bus 312 and the wide area network 112. The WAN module 314 may support, for example, a WAN protocol such as xDSL or Ethernet in the first mile.

The LAN interface module 318 may operate as an interface between the data bus 312 and the LAN 104. The LAN interface module 318 may support, for example, a protocol such as Ethernet or MoCA.

The dish interface module 316 may operate as an interface between the data bus 312 and the dish 106. The dish interface module 316 may support, for example, a proprietary protocol and/or a standardized protocol such as Ethernet or MoCA. In various exemplary embodiments of the invention, the IP-LNB 122 may be a member of the LAN 104 and may communicate with the gateway 102 in accordance with protocols in use in the LAN 104. In one such embodiment, the dish interface 316 may be substantially the same as the LAN interface 318. In another such embodiment, dish interface module 316 may be absent and the IP-LNB 122, along with the other devices of the LAN 104, may communicate with the gateway 102 via a network switch (which may be internal or external to the gateway 102).

The data bus 312 may comprise circuitry for the communication of data between various modules of the gateway 102. The data bus 312 may operate in accordance with one or more standards such as, for example, the peripheral component interconnect (PCI) express standard.

The digital rights management (DRM) module 322 may be operable to descramble and/or decrypt an MPEG transport stream received via the data bus 312. The key(s) utilized by the DRM module 322 to descramble and/or decrypt may be the same as (for symmetric-key algorithms), or complementary to (for asymmetric-key algorithms), the key(s) utilized by the dish 106 in scrambling and/or encrypting the MPEG transport stream. In an exemplary embodiment, the DRM 322 may be configured such that it is capable of decrypting only signals from the particular dish with which the gateway 102 has been paired. That is, the DRM 322 may be prevented from decrypting signals from any dish/IPLNB other than the dish 106/IPLNB 122. In an exemplary embodiment, the DRM 322 may be forced to use one or more security keys corresponding to the dish 106/IPLNB 122 when decrypting data received via a particular interface (e.g., via the dish interface 316) and/or from a particular address (e.g., MAC address).

The MPEG processing module 324 may be operable to demultiplex and decode the MPEG transport stream received via the data bus 312. The video encoding module 328 may be operable to receive a video stream from the MPEG processing module 324 and encode the video for conveyance to an end-user device, such as the television 114, via a wired or wireless connection (e.g., a point-to-point wired connection such as HDMI). The audio digital-to-analog conversion (DAC) module 330 may be operable to receive a digital audio stream from the MPEG processing module 324 and convert the audio stream to analog for conveyance to one or more speakers.

In operation, the gateway 102 may connect to the WAN 112 via the module 314, connect to the dish 106 via the module 316, and connect to the LAN 104 via the module 318. The gateway 102 may receive an IP-encapsulated MPEG transport stream from the dish 106 via the module 316. The module 316 may extract the MPEG transport stream from the IP stream and convey the MPEG transport stream onto the bus 312. The DRM module 322 may receive the MPEG transport stream from the data bus 312 and attempt to descramble and/or decrypt the MPEG transport stream utilizing one or more keys. In an exemplary embodiment of the invention, the keys utilized by the DRM module 322 may have been programmed into the DRM module 322 when pairing the gateway 102 with the dish 106 (or IPLNB 122) during installation. In another exemplary embodiment of the invention, the keys utilized by the DRM module 322 may have been received from a server (e.g., server 124 of FIG. 1) of the satellite provider, as, for example, described below with respect to FIG. 8.

In instances that the received MPEG transport stream was not received from the dish 106/IPLNB 122, i.e., not received from the dish/IPLNB corresponding to the key(s) stored in the memory 308, then the DRM 322 may be unsuccessful in attempting to decrypt and/or descramble the MPEG transport stream.

In instances that the received MPEG transport stream was received from the dish 106/IPLNB 122, i.e., the dish/IPLNB corresponding to the key(s) stored in the memory 308, then the DRM 322 may successfully decrypt and/or descramble the MPEG transport stream. Subsequently, the DRM module 322 may pass the descrambled and/or decrypted transport stream to the MPEG processing module 324. The MPEG processing module 324 may demultiplex and decode the MPEG transport stream and output the video to the video encoding module 328 and the audio to the audio DAC module 330. The video encoding module 328 may encode and output the video in accordance with one or more standards (e.g., HDMI or Displayport). The audio DAC module 330 may convert the audio to one or more analog audio signals and output the audio signal to one or more speakers.

FIG. 4 illustrates removal and application of content protection by circuitry collocated with a satellite dish. Shown in FIG. 4 is the IP-LNB 122 and the gateway 102. The IP-LNB 122 receives a content-protected MPEG transport stream 405. The conditional access module 262 descrambles and/or decrypts those portions of the stream to which the dish 106 has access (i.e., free content and content for which the owner of the dish 106 has paid) to generate the unprotected stream 407. The DRM module 264 then applies content protection to the stream 407 to generate the stream 409. The DRM module 264 may protect the stream 407 in accordance with one or more standards such as, for example, DTCP-IP. The encryption and/or scrambling of the stream 407 to generate the stream 409 may utilize one or more keys 412. The key(s) 412 may be unique to the IPLNB 122. The key(s) 412 may, for example, be programmed into the IP-LNB 122 when the dish 106 is being installed at the end-user location (e.g., a home) and paired with the gateway 102. Additionally or alternatively, the key(s) 412 may be occasionally and/or periodically updated via received satellite signals. The stream 409 may be communicated to the DRM module 322 of the gateway 102 via the link 108. Note that processing of the stream 409 between the DRM 464 and the DRM module 322 (e.g., by the BIP 270, the IPPM 280, and the dish interface module 316) is not shown in FIG. 4, for simplicity of illustration. Also note that the so-called “unprotected” stream 407 may be physically protected deep within integrated circuitry.

The DRM module 322 may descramble and/or decrypt the stream 409 to recover the stream 407. The descrambling and/or decryption may utilize one or more keys 414. The key(s) 414 may be unique to devices paired with the IPLNB 122. The key(s) 414 may, for example, be programmed into the gateway 102 when the gateway 102 is being installed at the end-user location (e.g., a home) and mated with the dish 106. Additionally or alternatively, the key(s) 414 may be occasionally and/or periodically updated by signals received via any one or more of the modules 314, 316, and 318.

FIG. 5 is a flowchart comprising exemplary steps for pairing of a satellite dish and a client device. The exemplary steps begin with step 502 in which one or more security keys are read out of a circuit collocated with (or intended to be collocated with) a satellite dish. The key(s) may, for example, be based on a hardware unique identifier programmed into the circuit during production of the circuit. The reading of the key(s) may occur, for example, during installation in the end-user premises using special equipment possessed by an installation technician and/or by the installation technician entering a password.

In step 504, the key(s) read at step 502 may be programmed into a client device (e.g., the gateway 102). This may occur, for example, during installation in the end-user premises using special equipment possessed by an installation technician or by the circuit collocated with the dish and the client device each being configured into a service mode where the circuits send the key(s) to the client device.

In step 506, during operation of the dish and client, the circuitry collocated with the dish may scramble and/or encrypt content using the key(s) read out in step 502. Next, in step 508, the circuitry collocated with the dish may transmit the scrambled and/or encrypted content onto a network link.

In step 510, the client may receive the content via the network link, and descramble and/or decrypt content using the key(s) programmed into the client device in step 504.
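Steps 502 to 510, together with the earlier statement that the DRM 322 may be forced to use the paired dish's key for a particular interface and address, as an added simulation that is not part of the patent. The class and function names, the key derivation from a hardware identifier, the password-gated service mode and the HMAC-SHA256 encrypt-then-MAC construction (a standard-library stand-in for the DRM cipher) are all assumptions made for illustration.

```python
import hashlib
import hmac
import os


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (n + 31) // 32
    return b"".join(prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; stand-in for the dish-side DRM encryption."""
    nonce = os.urandom(12)
    ct = bytes(p ^ s for p, s in zip(plaintext, keystream(prf(key, b"enc"), nonce, len(plaintext))))
    return nonce + ct + prf(prf(key, b"mac"), nonce + ct)


def unseal(key: bytes, blob: bytes) -> bytes:
    if len(blob) < 44:
        raise ValueError("truncated message")
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(prf(key, b"mac"), nonce + ct)):
        raise ValueError("authentication failed: wrong key or modified data")
    return bytes(c ^ s for c, s in zip(ct, keystream(prf(key, b"enc"), nonce, len(ct))))


class ServiceModeDevice:
    """Key storage is readable/writable only while in service mode."""

    def __init__(self, service_password: str):
        self._salt = os.urandom(16)
        self._pw = self._hash(service_password)
        self.service_mode = False

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def enter_service_mode(self, password: str) -> bool:
        self.service_mode = hmac.compare_digest(self._pw, self._hash(password))
        return self.service_mode

    def require_service_mode(self):
        if not self.service_mode:
            raise PermissionError("service mode required")


class Dish(ServiceModeDevice):
    def __init__(self, hw_uid: bytes, mac: str, factory_secret: bytes, service_password: str):
        super().__init__(service_password)
        self.mac = mac
        # Assumption: the per-dish key is derived from the hardware unique identifier.
        self._key = prf(factory_secret, b"dish-key|" + hw_uid)

    def read_key(self) -> bytes:                  # step 502
        self.require_service_mode()
        return self._key

    def transmit(self, content: bytes):           # steps 506 and 508
        return self.mac, seal(self._key, content)


class Gateway(ServiceModeDevice):
    def __init__(self, service_password: str):
        super().__init__(service_password)
        self._bound = {}                          # (interface, source MAC) -> key

    def program_key(self, interface: str, dish_mac: str, key: bytes):   # step 504
        self.require_service_mode()
        self._bound[(interface, dish_mac)] = key

    def receive(self, interface: str, src_mac: str, blob: bytes):       # step 510
        key = self._bound.get((interface, src_mac))
        if key is None:
            return None        # nothing bound here: no other key is ever tried
        try:
            return unseal(key, blob)
        except ValueError:
            return None


def pair(dish: Dish, gateway: Gateway, password: str, interface: str = "dish0"):
    try:
        if not (dish.enter_service_mode(password) and gateway.enter_service_mode(password)):
            raise PermissionError("bad service credential")
        gateway.program_key(interface, dish.mac, dish.read_key())
    finally:
        dish.service_mode = gateway.service_mode = False


def demo() -> dict:
    secret = b"constructed-factory-secret"        # constructed sample values throughout
    dish_a = Dish(b"UID-A-0001", "02:00:00:00:00:0a", secret, "tech-pass")
    dish_b = Dish(b"UID-B-0002", "02:00:00:00:00:0b", secret, "tech-pass")
    gw = Gateway("tech-pass")
    try:
        dish_a.read_key()
        blocked = False
    except PermissionError:
        blocked = True
    pair(dish_a, gw, "tech-pass")
    content = b"constructed transport stream payload"
    mac_a, blob_a = dish_a.transmit(content)
    mac_b, blob_b = dish_b.transmit(content)
    return {
        "read_blocked_outside_service_mode": blocked,
        "paired_dish": gw.receive("dish0", mac_a, blob_a),
        "other_dish": gw.receive("dish0", mac_b, blob_b),
        "other_dish_spoofing_address": gw.receive("dish0", mac_a, blob_b),
        "paired_dish_on_lan_interface": gw.receive("lan0", mac_a, blob_a),
    }
```

Calling `demo()` shows that only the paired dish on the bound interface yields plaintext; a second dish is rejected both under its own address and when it claims the paired dish's address, because the authentication tag does not verify under the stored key.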

FIG. 6 is a diagram illustrating out-of-band exchange of security keys in a satellite television system in which a satellite dish is paired with a gateway. Shown in FIG. 6 are the dish 106 with IP-LNB 122, the gateway 102, the WAN 112, a provider 602, and a satellite 604.

In operation, the provider 602 may occasionally and/or periodically send a new one or more keys 412 to the dish 106. Upon update of the key(s) 412, the key(s) 414 in the gateway 102 will also need to be updated so that the gateway 102 can continue to descramble and/or decrypt signals from the dish 106. Accordingly, the provider may establish a secure connection to the gateway 102 via the WAN 112. After verifying the identity of the gateway 102 (including verifying that the gateway 102 has been registered with the dish 106 and/or IP-LNB 122), the provider may send the one or more keys 414 to the gateway 102. Accordingly, if the gateway 102 is not a client that is registered with the dish 106 and/or IP-LNB 122, the gateway 102 will be unable to obtain the key(s) 414 for descrambling and/or decrypting content from the dish 106. Similarly, because the key(s) 414 are uniquely compatible with the dish 106, if the gateway 102 is not connected to the dish 106 but is connected to another dish (not shown), the gateway 102 will be unable to descramble and/or decrypt content from such other dish.

In accordance with various aspects of the present invention, a network device (e.g., gateway 102) may pair with a particular satellite dish (e.g., dish 106 comprising IPLNB 122) by storing a security key (e.g., key 414) uniquely associated with the particular satellite dish. The network device may then receive encrypted data from the particular satellite dish, and decrypt the received encrypted data utilizing the security key. In an exemplary embodiment, one or more circuits of the network device may be operable to prevent the network device from decrypting data from any satellite dish other than the particular satellite dish. In an exemplary embodiment, the network device may be operable such that the security key is the only key that the network device can utilize for decrypting signals received via a particular interface (e.g., the dish interface 316) and/or from a particular address. The security key may be written to memory in the network device while the network device is configured into a service mode. The security key may be received via a link (e.g., link 110) that is out-of-band with a link (e.g., link 108) between the network device and the particular satellite dish. The network device may comprise one-time-programmable (OTP) memory and/or electrically erasable programmable read only memory (EEPROM) in which the security key is stored.

In accordance with various aspects of the present invention, one or more circuits collocated with a satellite dish (e.g., circuits of the IP-LNB 122 collocated with the dish 106) may be operable to encrypt data utilizing a security key (e.g., key 412) stored in the one or more circuits. The one or more circuits may then transmit the encrypted data. The security key may be unique to the one or more circuits and/or satellite dish. The one or more circuits may be operable to transmit the encrypted data over an Internet Protocol (IP) network. In an exemplary embodiment, the security key may be readable from the one or more circuits only while the one or more circuits are configured into a service mode. In an exemplary embodiment, the one or more circuits may transmit the security key to a network device (e.g., gateway 102) while the one or more circuits are configured into a service mode. The one or more circuits may comprise one-time-programmable (OTP) memory and/or electrically erasable programmable read only memory (EEPROM) in which the security key may be stored.
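The pairing behaviour described in the two preceding paragraphs can be modelled in a few lines. This is an added illustration, not code from the patent: the class and function names are hypothetical, key 414 is assumed to be the same symmetric value as key 412, an HMAC-SHA256 keystream with a MAC stands in for the unspecified cipher, and the out-of-band link 110 is not modelled.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a stand-in keystream, not a cipher named by the patent
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    want = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise PermissionError("data was not encrypted under the paired key")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class Dish:
    """Circuits collocated with the dish: per-dish key, readable only in service mode."""
    def __init__(self):
        self._key = os.urandom(32)   # constructed sample key, unique per instance
        self.service_mode = False
    def read_key(self):
        if not self.service_mode:
            raise PermissionError("key is readable only in service mode")
        return self._key
    def transmit(self, data):
        return seal(self._key, data)

class Gateway:
    """Network device: a single write-once (OTP-like) slot for the dish interface."""
    def __init__(self):
        self._slot = None
        self.service_mode = False
    def pair(self, key):
        if not self.service_mode:
            raise PermissionError("key is writable only in service mode")
        if self._slot is not None:
            raise PermissionError("OTP slot already programmed")
        self._slot = key
    def receive(self, blob):
        if self._slot is None:
            raise PermissionError("gateway is not paired")
        return unseal(self._slot, blob)
```

Because the gateway holds exactly one key and rejects any ciphertext whose tag does not verify under it, traffic from a second dish fails closed rather than decrypting to garbage.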

Other embodiments of the invention may provide a non-transitory computer readable medium and/or storage medium, and/or a non-transitory machine readable medium and/or storage medium, having stored thereon, a machine code and/or a computer program having at least one code section executable by a machine and/or a computer, thereby causing the machine and/or computer to perform the steps as described herein for providing conditional access in a satellite television system.

Accordingly, the present invention may be realized in hardware, software, or a combination of hardware and software. The present invention may be realized in a centralized fashion in at least one computing system, or in a distributed fashion where different elements are spread across several interconnected computing systems. Any kind of computing system or other apparatus adapted for carrying out the methods described herein is suited. A typical combination of hardware and software may be a general-purpose computing system with a program or other code that, when being loaded and executed, controls the computing system such that it carries out the methods described herein. Another typical implementation may comprise an application specific integrated circuit or chip.

The present invention may also be embedded in a computer program product, which comprises all the features enabling the implementation of the methods described herein, and which when loaded in a computer system is able to carry out these methods. Computer program in the present context means any expression, in any language, code or notation, of a set of instructions intended to cause a system having an information processing capability to perform a particular function either directly or after either or both of the following: a) conversion to another language, code or notation; b) reproduction in a different material form.

While the present invention has been described with reference to certain embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the scope of the present invention. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the present invention without departing from its scope. Therefore, it is intended that the present invention not be limited to the particular embodiment disclosed, but that the present invention will include all embodiments falling within the scope of the appended claims.

1. A system comprising: one or more circuits for use in a network device, said one or more circuits being operable to: pair with a particular satellite dish by storing a security key uniquely associated with said particular satellite dish; receive encrypted data from said particular satellite dish; decrypt said received encrypted data utilizing said security key.
2. The system of claim 1, wherein said one or more circuits are operable to prevent said network device from decrypting data from any satellite dish other than said particular satellite dish.
3. The system of claim 1, wherein said one or more circuits are operable such that said security key is the only key that said network device can utilize for decrypting signals received via a particular interface and/or from a particular address.
4. The system of claim 1, wherein said security key is written to said one or more circuits while said one or more circuits are configured into a service mode.
5. The system of claim 1, wherein said security key is received via a link that is out-of-band with a link between said network device and said particular satellite dish.
6. The system of claim 1, wherein: said one or more circuits comprise one-time-programmable (OTP) memory; and said security key is stored in said OTP memory.
7. The system of claim 1, wherein: said one or more circuits comprise an electrically erasable programmable read only memory (EEPROM); and said security key is stored in said EEPROM.
8. The system of claim 1, wherein: said one or more circuits comprise flash memory; and said security key is stored in said flash memory.
9. A method comprising: performing by one or more circuits in a network device: pairing with a particular satellite dish by storing a security key uniquely associated with said particular satellite dish; receiving encrypted data from said particular satellite dish; decrypting said received encrypted data utilizing said security key.
10. The method of claim 9, comprising preventing said network device from decrypting data from any satellite dish other than said particular satellite dish.
11. The method of claim 9, wherein said security key is the only key that the network device can utilize for decrypting signals received via a particular interface and/or from a particular address.
12. The method of claim 9, comprising writing said security key to said one or more circuits while said one or more circuits are configured into a service mode.
13. The method of claim 9, comprising receiving said security key via a link that is out-of-band with a link between said network device and said particular satellite dish.
14. The method of claim 9, wherein: said one or more circuits comprise one-time-programmable (OTP) memory; and said storing comprises storing the security key in said OTP memory.
15. The method of claim 9, wherein: said one or more circuits comprise an electrically erasable programmable read only memory (EEPROM); and said storing comprises storing the security key in said EEPROM.
16. The method of claim 9, wherein: said one or more circuits comprise flash memory; and said security key is stored in said flash memory.
17. A system comprising: one or more circuits collocated with a satellite dish, said one or more circuits being operable to: encrypt data utilizing a security key stored in said one or more circuits, wherein said security key is unique to said satellite dish; and transmit said encrypted data.
18. The system of claim 17, wherein said one or more circuits are operable to transmit said encrypted data over an Internet Protocol (IP) network.
19. The system of claim 17, wherein said security key can be read from said one or more circuits only while said one or more circuits are configured into a service mode.
20. The system of claim 17, wherein said one or more circuits are operable to transmit said security key to a network device while said one or more circuits are configured into a service mode.
21. The system of claim 17, wherein: said one or more circuits comprise one-time-programmable (OTP) memory; and said security key is stored in said OTP memory.
22. The system of claim 17, wherein: said one or more circuits comprise an electrically erasable programmable read only memory (EEPROM); and said security key is stored in said EEPROM.
23. The system of claim 17, wherein: said one or more circuits comprise flash memory; and said security key is stored in said flash memory.